diff --git a/tests/recipes/11_sign_nest b/tests/recipes/11_sign_nest index 033861b..097f124 100644 --- a/tests/recipes/11_sign_nest +++ b/tests/recipes/11_sign_nest @@ -27,7 +27,25 @@ if test -s "test.exe" fi # CAB file -# Error: -nest option is only valid for PE/MSI files +test_name="112. Sign a CAB file with the nest flag" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_112_signed.ex_" + ../../osslsigncode sign -h sha512 \ + -nest \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test_112_signed.ex_" -out "test_112.ex_" + verify_signature "$?" "112" "ex_" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "SHA512" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="113. Sign a MSI file with the nest flag" diff --git a/tests/recipes/31_extract_signature b/tests/recipes/31_extract_signature index 1b22795..a8544cd 100644 --- a/tests/recipes/31_extract_signature +++ b/tests/recipes/31_extract_signature @@ -1,5 +1,5 @@ #!/bin/sh -# Extract the signature from the PE/MSI file. +# Extract the signature from the PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) 
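Review bot: The two `osslsigncode sign` calls in test 112 are not chained, so `verify_signature "$?"` receives only the exit status of the nested sha512 signing. A failure of the first sha256 signing is reported only indirectly, through the second call failing on its input. Test 312 in this same commit chains its steps with `&& \`; ending the first command here with `-in "test.ex_" -out "test_112_signed.ex_" && \` would make `$?` cover both. The new CAB tests 362 and 382 have the same unchained pair.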
@@ -23,20 +23,35 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="312. Extract the signature from the CAB file" +printf "\n%s\n" "$test_name" +if [ -s "test.ex_" ] + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_312.ex_" && \ + ../../osslsigncode extract-signature -pem \ + -in "test_312.ex_" -out "sign_cab.pem" + verify_signature "$?" "312" "ex_" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="312. Extract the signature from the MSI file" +test_name="313. Extract the signature from the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_312.msi" && \ + -in "sample.msi" -out "test_313.msi" && \ ../../osslsigncode extract-signature -pem \ - -in "test_312.msi" -out "sign_msi.pem" - verify_signature "$?" "312" "msi" "success" "@2019-09-01 12:00:00" \ + -in "test_313.msi" -out "sign_msi.pem" + verify_signature "$?" "313" "msi" "success" "@2019-09-01 12:00:00" \ "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else diff --git a/tests/recipes/32_attach_signature b/tests/recipes/32_attach_signature index ebf9634..c3dd5d4 100644 --- a/tests/recipes/32_attach_signature +++ b/tests/recipes/32_attach_signature @@ -1,5 +1,5 @@ #!/bin/sh -# Attach the signature to the PE/MSI file. +# Attach the signature to the PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) 
@@ -21,18 +21,31 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="322. Attach the signature to the CAB file" +printf "\n%s\n" "$test_name" +if [ -s "test.ex_" ] + then + ../../osslsigncode attach-signature -sigin "sign_cab.pem" \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test.ex_" -out "test_322.ex_" + verify_signature "$?" "322" "ex_" "success" "@2019-09-01 12:00:00" \ + "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="322. Attach the signature to the MSI file" +test_name="323. Attach the signature to the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode attach-signature -sigin "sign_msi.pem" \ -CAfile "${script_path}/../certs/CACert.pem" \ -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "sample.msi" -out "test_322.msi" - verify_signature "$?" "322" "msi" "success" "@2019-09-01 12:00:00" \ + -in "sample.msi" -out "test_323.msi" + verify_signature "$?" "323" "msi" "success" "@2019-09-01 12:00:00" \ "sha256sum" "ASCII" "osslsigncode" "UNUSED_PATTERN" test_result "$?" "$test_name" else diff --git a/tests/recipes/33_remove_signature b/tests/recipes/33_remove_signature index 6183d62..d27e02b 100644 --- a/tests/recipes/33_remove_signature +++ b/tests/recipes/33_remove_signature @@ -1,5 +1,5 @@ #!/bin/sh -# Remove the signature from the PE/MSI file. +# Remove the signature from the PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) 
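Review bot: Test 322 reads `sign_cab.pem`, which in this commit is written by test 312 in `31_extract_signature`, but its guard checks `test.ex_` alone. If 312 was skipped or failed, the problem surfaces here as an `attach-signature` failure with no hint of the real cause. Extending the guard to `if [ -s "test.ex_" ] && [ -s "sign_cab.pem" ]` would make the dependency explicit. The MSI block below relies on `sign_msi.pem` in the same way.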
@@ -23,20 +23,35 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="332. Remove the signature from the CAB file" +printf "\n%s\n" "$test_name" +if [ -s "test.ex_" ] + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_332_signed.ex_" && \ + ../../osslsigncode remove-signature \ + -in "test_332_signed.ex_" -out "test_332.ex_" + verify_signature "$?" "332" "ex_" "fail" "@2019-09-01 12:00:00" \ + "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="332. Remove the signature from the MSI file" +test_name="333. Remove the signature from the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_332_signed.msi" && \ + -in "sample.msi" -out "test_333_signed.msi" && \ ../../osslsigncode remove-signature \ - -in "test_332_signed.msi" -out "test_332.msi" - verify_signature "$?" "332" "msi" "fail" "@2019-09-01 12:00:00" \ + -in "test_333_signed.msi" -out "test_333.msi" + verify_signature "$?" "333" "msi" "fail" "@2019-09-01 12:00:00" \ "sha256sum" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" test_result "$?" "$test_name" else diff --git a/tests/recipes/35_varia_sha256sum b/tests/recipes/35_varia_sha256sum index 49d9314..0c0d40b 100644 --- a/tests/recipes/35_varia_sha256sum +++ b/tests/recipes/35_varia_sha256sum 
@@ -22,6 +22,21 @@ if test -s "test.exe" skip=$(($skip+1)) fi +if test -s "test.ex_" + then + if test $(cat "sha256sum_ex_.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 + then + res=1 + cat "sha256sum_ex_.log" >> "results.log" + printf "Non-unique SHA256 message digests found\n" >> "results.log" + else + rm -f test_3[1-4]*[1-2]*.ex_ + fi + rm -f "sha256sum_ex_.log" + else + skip=$(($skip+1)) + fi + if test -s "sample.msi" then if test $(cat "sha256sum_msi.log" | cut -d' ' -f1 | uniq | wc -l) -ne 1 diff --git a/tests/recipes/36_add_signature_blob b/tests/recipes/36_add_signature_blob index c287735..2907b6e 100644 --- a/tests/recipes/36_add_signature_blob +++ b/tests/recipes/36_add_signature_blob @@ -1,5 +1,5 @@ #!/bin/sh -# Add an unauthenticated blob to the PE/MSI file. +# Add an unauthenticated blob to the PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) 
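Review bot: The cleanup glob `rm -f test_3[1-4]*[1-2]*.ex_` is hard to audit, because nothing in the hunk says which outputs it is meant to remove. From the recipes in this commit it appears to target `test_312.ex_`, `test_322.ex_`, `test_332.ex_` and `test_332_signed.ex_`. A comment above it, such as `# remove the CAB outputs of tests 312, 322 and 332 once their digests agree`, would record that. The digest check also reports a missing or empty `sha256sum_ex_.log` as `Non-unique SHA256 message digests found`, since `wc -l` then prints 0.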
@@ -24,21 +24,37 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="362. Add an unauthenticated blob to the CAB file" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_362_signed.ex_" + ../../osslsigncode add \ + -addUnauthenticatedBlob \ + -in "test_362_signed.ex_" -out "test_362.ex_" + verify_signature "$?" "362" "ex_" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="362. Add an unauthenticated blob to the MSI file" +test_name="363. Add an unauthenticated blob to the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_362_signed.msi" + -in "sample.msi" -out "test_363_signed.msi" ../../osslsigncode add \ -addUnauthenticatedBlob \ - -in "test_362_signed.msi" -out "test_362.msi" - verify_signature "$?" "362" "msi" "success" "@2019-09-01 12:00:00" \ + -in "test_363_signed.msi" -out "test_363.msi" + verify_signature "$?" "363" "msi" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "BEGIN_BLOB" "MODIFY" test_result "$?" "$test_name" else diff --git a/tests/recipes/37_add_signature_timestamp b/tests/recipes/37_add_signature_timestamp index 547178c..df0bf52 100644 --- a/tests/recipes/37_add_signature_timestamp +++ b/tests/recipes/37_add_signature_timestamp @@ -1,5 +1,5 @@ #!/bin/sh -# Add an authenticode timestamp to the PE/MSI file. +# Add an authenticode timestamp to the PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) 
@@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="372. Add an authenticode timestamp to the CAB file" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_372_signed.ex_" && \ + ../../osslsigncode add \ + -t http://time.certum.pl/ \ + -in "test_372_signed.ex_" -out "test_372.ex_" + verify_signature "$?" "372" "ex_" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="372. Add an authenticode timestamp to the MSI file" +test_name="373. Add an authenticode timestamp to the MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_372_signed.msi" && \ + -in "sample.msi" -out "test_373_signed.msi" && \ ../../osslsigncode add \ -t http://time.certum.pl/ \ - -in "test_372_signed.msi" -out "test_372.msi" - verify_signature "$?" "372" "msi" "success" "@2019-09-01 12:00:00" \ + -in "test_373_signed.msi" -out "test_373.msi" + verify_signature "$?" "373" "msi" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" test_result "$?" "$test_name" else diff --git a/tests/recipes/38_add_signature_rfc3161 b/tests/recipes/38_add_signature_rfc3161 index a7c48f4..c9bd07e 100644 --- a/tests/recipes/38_add_signature_rfc3161 +++ b/tests/recipes/38_add_signature_rfc3161 
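Review bot: Test 372 passes only when `http://time.certum.pl/` is reachable and answers as expected, yet the guard skips solely on `no libcurl available`, so a TSA outage or an offline build host is reported as a signing failure. The `"Unizeto"` pattern presumably also depends on how that TSA's certificate is named. The same live-TSA dependency is in the new CAB tests 382, 522, 532, 542 and 552. A comment such as `# needs network access to time.certum.pl; "Unizeto" is tied to that TSA's certificate` would at least document it, and a local TSA fixture would make these tests hermetic.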
@@ -1,5 +1,5 @@ #!/bin/sh -# Add an RFC 3161 timestamp to signed PE/MSI file. +# Add an RFC 3161 timestamp to signed PE/CAB/MSI file. . $(dirname $0)/../test_library script_path=$(pwd) @@ -24,21 +24,37 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="382. Add RFC 3161 timestamp to signed CAB file" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_382_signed.ex_" + ../../osslsigncode add \ + -ts http://time.certum.pl/ \ + -in "test_382_signed.ex_" -out "test_382.ex_" + verify_signature "$?" "382" "ex_" "success" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file -test_name="382. Add RFC 3161 timestamp to signed MSI file" +test_name="383. Add RFC 3161 timestamp to signed MSI file" printf "\n%s\n" "$test_name" if test -s "sample.msi" && ! grep -q "no libcurl available" "results.log" then ../../osslsigncode sign -h sha256 \ -st "1556668800" \ -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ - -in "sample.msi" -out "test_382_signed.msi" + -in "sample.msi" -out "test_383_signed.msi" ../../osslsigncode add \ -ts http://time.certum.pl/ \ - -in "test_382_signed.msi" -out "test_382.msi" - verify_signature "$?" "382" "msi" "success" "@2019-09-01 12:00:00" \ + -in "test_383_signed.msi" -out "test_383.msi" + verify_signature "$?" "383" "msi" "success" "@2019-09-01 12:00:00" \ "UNUSED_PATTERN" "ASCII" "Unizeto" "UNUSED_PATTERN" test_result "$?" "$test_name" else diff --git a/tests/recipes/40_verify_leaf_hash b/tests/recipes/40_verify_leaf_hash index 866ea63..14af5f6 100644 
--- a/tests/recipes/40_verify_leaf_hash +++ b/tests/recipes/40_verify_leaf_hash @@ -1,5 +1,5 @@ #!/bin/sh -# Compare the leaf certificate hash against specified SHA256 message digest for the PE/MSI file +# Compare the leaf certificate hash against specified SHA256 message digest for the PE/CAB/MSI file . $(dirname $0)/../test_library script_path=$(pwd) @@ -20,7 +20,19 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="402. Compare the leaf certificate hash against specified SHA256 message digest for the CAB file" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" + then + ../../osslsigncode sign -h sha256 \ + -st "1556668800" \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.der" \ + -in "test.ex_" -out "test_402.ex_" + verify_leaf_hash "$?" "402" "ex_" "@2019-05-01 00:00:00" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="403. Compare the leaf certificate hash against specified SHA256 message digest for the MSI file" diff --git a/tests/recipes/51_verify_time b/tests/recipes/51_verify_time index 35274dd..e4ca4ed 100644 --- a/tests/recipes/51_verify_time +++ b/tests/recipes/51_verify_time @@ -1,5 +1,5 @@ #!/bin/sh -# Verify PE/MSI file signature after the cert has been expired. +# Verify PE/CAB/MSI file signature after the cert has been expired. . $(dirname $0)/../test_library 
@@ -21,7 +21,21 @@ if test -s "test.exe" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="512. Verify CAB file signature after the cert has been expired" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" + then + TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -in "test.ex_" -out "test_512.ex_" 2>> "results.log" 1>&2' + verify_signature "$?" "512" "ex_" "fail" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="513. Verify MSI file signature after the cert has been expired" diff --git a/tests/recipes/52_verify_timestamp b/tests/recipes/52_verify_timestamp index cab4e9b..902fbfd 100644 --- a/tests/recipes/52_verify_timestamp +++ b/tests/recipes/52_verify_timestamp @@ -1,5 +1,5 @@ #!/bin/sh -# Verify PE/MSI file signature with Authenticode timestamping after the cert has been expired. +# Verify PE/CAB/MSI file signature with Authenticode timestamping after the cert has been expired. . $(dirname $0)/../test_library 
@@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="522. Verify CAB file signature with timestamping after the cert has been expired" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -t http://time.certum.pl/ \ + -in "test.ex_" -out "test_522.ex_" 2>> "results.log" 1>&2' + verify_signature "$?" "522" "ex_" "success" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="523. Verify MSI file signature with timestamping after the cert has been expired" diff --git a/tests/recipes/53_verify_rfc3161 b/tests/recipes/53_verify_rfc3161 index 403a9b7..1c7a2ac 100644 --- a/tests/recipes/53_verify_rfc3161 +++ b/tests/recipes/53_verify_rfc3161 @@ -1,5 +1,5 @@ #!/bin/sh -# Verify PE/MSI file signature with RFC3161 timestamping after the cert has been expired. +# Verify PE/CAB/MSI file signature with RFC3161 timestamping after the cert has been expired. . $(dirname $0)/../test_library 
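Review bot: `faketime` changes the clock only for the local `osslsigncode sign` process in test 522, while the timestamp requested with `-t http://time.certum.pl/` is presumably issued at the TSA's real time. The expected `success` at `@2025-01-01 12:00:00` may therefore depend on the calendar date on which the suite runs, not only on the faked signing date. A comment above the `faketime` call, for example `# the remote TSA ignores faketime; the countersignature carries the real run date`, would make that explicit. Tests 532, 542 and 552 sign the same way.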
@@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="532. Verify CAB file signature with RFC3161 after the cert has been expired" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/cert.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -in "test.ex_" -out "test_532.ex_" 2>> "results.log" 1>&2' + verify_signature "$?" "532" "ex_" "success" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="533. Verify MSI file signature with RFC3161 after the cert has been expired" diff --git a/tests/recipes/54_verify_expired b/tests/recipes/54_verify_expired index 9e987e5..3d392cf 100644 --- a/tests/recipes/54_verify_expired +++ b/tests/recipes/54_verify_expired @@ -1,5 +1,5 @@ #!/bin/sh -# Verify PE/MSI file signed with the expired cert. +# Verify PE/CAB/MSI file signed with the expired cert. . $(dirname $0)/../test_library 
@@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="542. Verify CAB file signed with the expired cert" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/expired.pem" -key "${script_path}/../certs/key.pem" \ + -t http://time.certum.pl/ \ + -in "test.ex_" -out "test_542.ex_" 2>> "results.log" 1>&2' + verify_signature "$?" "542" "ex_" "fail" "@2025-01-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="543. Verify MSI file signed with the expired cert" diff --git a/tests/recipes/55_verify_revoked b/tests/recipes/55_verify_revoked index b14c488..90ac0df 100644 --- a/tests/recipes/55_verify_revoked +++ b/tests/recipes/55_verify_revoked @@ -1,5 +1,5 @@ #!/bin/sh -# Verify PE/MSI file signed with the revoked cert. +# Verify PE/CAB/MSI file signed with the revoked cert. . $(dirname $0)/../test_library 
@@ -22,7 +22,22 @@ if test -s "test.exe" && ! grep -q "no libcurl available" "results.log" fi # CAB file -# Command is not supported for non-PE/non-MSI files +test_name="552. Verify CAB file signed with the revoked cert" +printf "\n%s\n" "$test_name" +if test -s "test.ex_" && ! grep -q "no libcurl available" "results.log" + then + TZ=GMT faketime -f '@2019-05-01 00:00:00' /bin/bash -c ' + script_path=$(pwd) + ../../osslsigncode sign -h sha256 \ + -certs "${script_path}/../certs/revoked.pem" -key "${script_path}/../certs/key.pem" \ + -ts http://time.certum.pl/ \ + -in "test.ex_" -out "test_552.ex_" 2>> "results.log" 1>&2' + verify_signature "$?" "552" "ex_" "fail" "@2019-09-01 12:00:00" \ + "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" "UNUSED_PATTERN" + test_result "$?" "$test_name" + else + printf "Test skipped\n" + fi # MSI file test_name="553. Verify MSI file signed with the revoked cert" diff --git a/tests/sources/a b/tests/sources/a new file mode 100644 index 0000000..72943a1 --- /dev/null +++ b/tests/sources/a @@ -0,0 +1 @@ +aaa diff --git a/tests/sources/b b/tests/sources/b new file mode 100644 index 0000000..f761ec1 --- /dev/null +++ b/tests/sources/b @@ -0,0 +1 @@ +bbb diff --git a/tests/sources/c b/tests/sources/c new file mode 100644 index 0000000..b2a7546 --- /dev/null +++ b/tests/sources/c @@ -0,0 +1 @@ +ccc diff --git a/tests/myapp.c b/tests/sources/myapp.c similarity index 100% rename from tests/myapp.c rename to tests/sources/myapp.c diff --git a/tests/sample.wxs b/tests/sources/sample.wxs similarity index 100% rename from tests/sample.wxs rename to tests/sources/sample.wxs diff --git a/tests/test_library b/tests/test_library index fe12012..699fc69 100755 --- a/tests/test_library +++ b/tests/test_library 
@@ -74,13 +74,8 @@ search_pattern() { printf "Failed: $4 not found\n" elif test "$5" = "MODIFY" then - if test "$2" != "ex_" - then - modify_blob "$1" "$2" "$4" - result=$? - else - printf "MODIFY is not supported for CAB files\n" - fi + modify_blob "$1" "$2" "$4" + result=$? fi return "$result" @@ -101,21 +96,16 @@ verify_signature() { printf "" > "verify.log" if test "$1" -eq 0 then - if test "$3" != "ex_" - then - cp "test_$2.$3" "test_tmp.tmp" - TZ=GMT faketime -f "$5" /bin/bash -c ' - printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" - script_path=$(pwd) - ../../osslsigncode verify \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -in "test_tmp.tmp" 2>> "verify.log" 1>&2' - result=$? - rm -f "test_tmp.tmp" - else - printf "VERIFY is not supported for CAB files\n" - fi + cp "test_$2.$3" "test_tmp.tmp" + TZ=GMT faketime -f "$5" /bin/bash -c ' + printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" + script_path=$(pwd) + ../../osslsigncode verify \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -in "test_tmp.tmp" 2>> "verify.log" 1>&2' + result=$? + rm -f "test_tmp.tmp" if test "$result" -eq 0 -a "$7" != "UNUSED_PATTERN" -a "$8" != "UNUSED_PATTERN" then search_pattern "$2" "$3" "$7" "$8" "$9" 
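Review bot: In `verify_signature`, the `$7`/`$8` pattern search that follows the rewritten block runs only when `result` is 0, so the CAB tests that expect `fail` (332, 512, 542, 552) cannot check why verification failed. Now that `ex_` files go through `osslsigncode verify`, a CAB verify that errors out for an unrelated reason would, as far as this hunk shows, still satisfy those tests. How `$4` is evaluated lies outside the hunk. Consider letting the `fail` path match an expected message in `verify.log`. `verify_leaf_hash` receives the same block in the next hunk.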
@@ -159,22 +149,17 @@ verify_leaf_hash() { printf "" > "verify.log" if test "$1" -eq 0 then - if test "$3" != "ex_" - then - cp "test_$2.$3" "test_tmp.tmp" - TZ=GMT faketime -f "$4" /bin/bash -c ' - printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" - script_path=$(pwd) - ../../osslsigncode verify \ - -CAfile "${script_path}/../certs/CACert.pem" \ - -CRLfile "${script_path}/../certs/CACertCRL.pem" \ - -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ - -in "test_tmp.tmp" 2>> "verify.log" 1>&2' - result=$? - rm -f "test_tmp.tmp" - else - printf "VERIFY is not supported for CAB files\n" - fi + cp "test_$2.$3" "test_tmp.tmp" + TZ=GMT faketime -f "$4" /bin/bash -c ' + printf "Verify time: " >> "verify.log" && date >> "verify.log" && printf "\n" >> "verify.log" + script_path=$(pwd) + ../../osslsigncode verify \ + -CAfile "${script_path}/../certs/CACert.pem" \ + -CRLfile "${script_path}/../certs/CACertCRL.pem" \ + -require-leaf-hash SHA256:$(sha256sum "${script_path}/../certs/cert.der" | cut -d" " -f1) \ + -in "test_tmp.tmp" 2>> "verify.log" 1>&2' + result=$? + rm -f "test_tmp.tmp" if test "$result" -eq 0 then rm -f "test_$2.$3" diff --git a/tests/testall.sh b/tests/testall.sh index 81aafde..f14ca22 100755 --- a/tests/testall.sh +++ b/tests/testall.sh 
@@ -54,22 +54,24 @@ if test "$result" -ne 0 exit $result fi -# PE and CAB files support +# PE files support if test -n "$(command -v x86_64-w64-mingw32-gcc)" then - x86_64-w64-mingw32-gcc "../myapp.c" -o "test.exe" 2>> "results.log" 1>&2 - if test -n "$(command -v gcab)" - then - gcab -c "test.ex_" "test.exe" 2>> "results.log" 1>&2 - else - printf "%s\n" "gcab not found in \$PATH" - printf "%s\n" "tests for CAB files skipped, please install gcab package" - fi + x86_64-w64-mingw32-gcc "../sources/myapp.c" -o "test.exe" 2>> "results.log" 1>&2 else printf "%s\n" "x86_64-w64-mingw32-gcc not found in \$PATH" printf "%s\n" "tests for PE files skipped, please install mingw64-gcc package" fi +# CAB files support +if test -n "$(command -v gcab)" + then + gcab -c "test.ex_" "../sources/a" "../sources/b" "../sources/c" 2>> "results.log" 1>&2 + else + printf "%s\n" "gcab not found in \$PATH" + printf "%s\n" "tests for CAB files skipped, please install gcab package" + fi + # MSI files support if grep -q "no libgsf available" "results.log" then @@ -78,7 +80,7 @@ if grep -q "no libgsf available" "results.log" if test -n "$(command -v wixl)" then touch FoobarAppl10.exe - cp "../sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 + cp "../sources/sample.wxs" "sample.wxs" 2>> "results.log" 1>&2 wixl -v "sample.wxs" 2>> "results.log" 1>&2 else printf "%s\n" "wixl not found in \$PATH" @@ -100,7 +102,7 @@ if test -n "$(command -v faketime)" make_tests result=$? rm -f "test.exe" "test.ex_" "sample.msi" "sample.wxs" "FoobarAppl10.exe" - rm -f "sign_pe.pem" "sign_msi.pem" "verify.log" + rm -f "sign_pe.pem" "sign_cab.pem" "sign_msi.pem" "verify.log" else printf "%s\n" "xxd not found in \$PATH" printf "%s\n" "tests skipped, please install vim-common package"
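Review bot: The exit status of `gcab -c` in the new CAB block is not checked, so a failed archive build that leaves no `test.ex_` makes every CAB recipe print `Test skipped`, exactly as if gcab were not installed. The error text goes only to `results.log`. Appending `|| printf "%s\n" "gcab failed, tests for CAB files skipped"` to the `gcab -c` line would make the lost signing and verification coverage visible on the console.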